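<?php
/*
 * Admin action handler for orders ("pesanan").
 *
 * Reads $_SESSION['admin-login'] as the authorization gate, then dispatches on
 * which POST field is present:
 *   - hapus     : delete the order with the posted id
 *   - update    : set the order status; when the new status is 1, add each
 *                 transaction's quantity to the product's "dipesan" counter
 *   - filtering : store the chosen status filter in the session
 *   - search    : store the phone-number search term in the session
 * Each handled action ends with a redirect back to the order list.
 *
 * Relies on db_query(), db_array(), site() and $param, all defined outside
 * this file (presumably by the including front controller -- confirm).
 */

// Authorization gate first: an unauthenticated request must never reach the
// state-changing branches below.
if (!isset($_SESSION['admin-login'])) {
	$_SESSION['status-login'] = "Log in terlebih dahulu untuk melanjutkan";
	header("Location: ".site()."/".$param[0]."/login");
	// header() only queues the redirect; without exit any code that runs after
	// this file would still execute and its output would be sent in the
	// response body to a client that is not logged in.
	exit;
}

// NOTE(review): no anti-CSRF token is verified before the delete/update
// actions. A forged cross-site POST sent from an admin's browser would be
// accepted; verify a per-session token here if the project provides one.

if (isset($_POST['hapus'])) {
	// Integer cast is what keeps the interpolated query injection-safe.
	$id = isset($_POST['id']) ? (int)$_POST['id'] : 0;
	db_query("DELETE FROM pesanan WHERE id = $id");
	$_SESSION['status-pesanan'] = "Pesanan sudah dihapus";
	header("Location: ".site()."/".$param[0]."/pesanan");
	exit;
} elseif (isset($_POST['update'])) {
	$id = isset($_POST['id']) ? (int)$_POST['id'] : 0;
	$status = isset($_POST['status']) ? (int)$_POST['status'] : 0;
	db_query("UPDATE pesanan SET status = $status WHERE id = $id");
	if ($status == 1) {
		// NOTE(review): the counters are incremented on every update to
		// status 1, with no check of the order's previous status, so
		// re-submitting the same status counts the order again -- confirm
		// this is intended.
		$transaksis = db_array("SELECT * FROM transaksi WHERE idorder = $id");
		foreach ($transaksis as $transaksi) {
			// Values read back from the database are cast as well, so a
			// non-numeric stored value cannot alter the statement
			// (second-order SQL injection).
			$kuantitas = (int)$transaksi['kuantitas'];
			$idbarang = (int)$transaksi['idbarang'];
			db_query("UPDATE produk SET dipesan = dipesan + ".$kuantitas." WHERE id = ".$idbarang);
		}
	}
	// The order list is switched to the filter value status + 1.
	$_SESSION['input-filter'] = $status + 1;
	$_SESSION['status-pesanan'] = "Pesanan sudah diupdate";
	header("Location: ".site()."/".$param[0]."/pesanan");
	exit;
} elseif (isset($_POST['filtering'])) {
	$_SESSION['input-filter'] = isset($_POST['filter']) ? (int)$_POST['filter'] : 0;
	header("Location: ".site()."/".$param[0]."/pesanan");
	exit;
} elseif (isset($_POST['search'])) {
	// Accept only a string: a posted array (nohp[]=...) would otherwise be
	// handed to trim().
	// NOTE(review): the term is stored raw; whatever reads
	// $_SESSION['input-search'] must bind or escape it before using it in SQL
	// or HTML.
	$_SESSION['input-search'] = (isset($_POST['nohp']) && is_string($_POST['nohp'])) ? trim($_POST['nohp']) : '';
	header("Location: ".site()."/".$param[0]."/pesanan");
	exit;
}
?>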